CVE List - 2022 / November
Showing 401 - 500 of 2020 CVEs for November 2022 (Page 5 of 21)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39432 | 2022-11-04 | diplib v3.0.0 is vulnerable to Double Free. |
| CVE-2021-39473 | 2022-11-04 | Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS)... |
| CVE-2022-3023 | 2022-11-04 | Use of Externally-Controlled Format String in pingcap/tidb |
| CVE-2022-31691 | 2022-11-04 | Spring Tools 4 for Eclipse version 4.16.0 and below as... |
| CVE-2022-3340 | 2022-11-04 | Trellix IPS Manager vulnerable to XXE |
| CVE-2022-33684 | 2022-11-04 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation |
| CVE-2022-3721 | 2022-11-04 | Code Injection in froxlor/froxlor |
| CVE-2022-38582 | 2022-11-04 | Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog... |
| CVE-2022-39344 | 2022-11-04 | Azure RTOS USBX vulnerable to buffer overflow |
| CVE-2022-39384 | 2022-11-04 | OpenZeppelin Contracts initializer reentrancy may lead to double initialization |
| CVE-2022-39387 | 2022-11-04 | XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication |
| CVE-2022-41666 | 2022-11-04 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that... |
| CVE-2022-41667 | 2022-11-04 | A CWE-22: Improper Limitation of a Pathname to a Restricted... |
| CVE-2022-41668 | 2022-11-04 | A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries... |
| CVE-2022-41669 | 2022-11-04 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in... |
| CVE-2022-41670 | 2022-11-04 | A CWE-22: Improper Limitation of a Pathname to a Restricted... |
| CVE-2022-41671 | 2022-11-04 | A CWE-89: Improper Neutralization of Special Elements used in SQL... |
| CVE-2022-43945 | 2022-11-04 | The Linux kernel NFSD implementation prior to versions 5.19.17 and... |
| CVE-2022-44724 | 2022-11-04 | The Handy Tip macro in Stiltsoft Handy Macros for Confluence... |
| CVE-2022-27893 | 2022-11-04 | The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. |
| CVE-2022-27894 | 2022-11-04 | The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability. |
| CVE-2022-40263 | 2022-11-04 | BD Totalys MultiProcessor - Hardcoded Credentials |
| CVE-2022-38660 | 2022-11-04 | HCL XPages applications are susceptible to Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-38654 | 2022-11-04 | HCL Domino is susceptible to an information disclosure vulnerability |
| CVE-2022-38661 | 2022-11-04 | HCL Workload Automation is affected by a vulnerability in Jlog component of the Master Domain Manager |
| CVE-2022-38656 | 2022-11-04 | HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability |
| CVE-2022-43562 | 2022-11-04 | Host Header Injection in Splunk Enterprise |
| CVE-2022-43563 | 2022-11-04 | Risky command safeguards bypass via rex search command field names in Splunk Enterprise |
| CVE-2022-43564 | 2022-11-04 | Denial of Service in Splunk Enterprise through search macros |
| CVE-2022-43565 | 2022-11-04 | Risky command safeguards bypass via ‘tstats command JSON in Splunk Enterprise |
| CVE-2022-43566 | 2022-11-04 | Risky command safeguards bypass via Search ID query in Analytics Workspace in Splunk Enterprise |
| CVE-2022-43567 | 2022-11-04 | Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature |
| CVE-2022-43568 | 2022-11-04 | Reflected Cross-Site Scripting via the radio template in Splunk Enterprise |
| CVE-2022-43569 | 2022-11-04 | Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise |
| CVE-2022-43570 | 2022-11-04 | XML External Entity Injection through a custom View in Splunk Enterprise |
| CVE-2022-43572 | 2022-11-04 | Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise |
| CVE-2022-3868 | 2022-11-05 | SourceCodester Sanitization Management System sql injection |
| CVE-2022-3869 | 2022-11-05 | Code Injection in froxlor/froxlor |
| CVE-2022-37710 | 2022-11-06 | Patterson Dental Eaglesoft 21 has AES-256 encryption but there are... |
| CVE-2022-40284 | 2022-11-06 | A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted... |
| CVE-2022-42707 | 2022-11-06 | In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before... |
| CVE-2022-42905 | 2022-11-06 | In wolfSSL before 5.5.2, if callback functions are enabled (via... |
| CVE-2022-42919 | 2022-11-06 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux... |
| CVE-2022-44544 | 2022-11-06 | Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3,... |
| CVE-2022-38164 | 2022-11-07 | A vulnerability affecting F-Secure SAFE browser for Android and iOS... |
| CVE-2022-42920 | 2022-11-07 | Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing |
| CVE-2022-43317 | 2022-11-07 | A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource... |
| CVE-2022-43318 | 2022-11-07 | Human Resource Management System v1.0 was discovered to contain a... |
| CVE-2021-42205 | 2022-11-07 | ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in... |
| CVE-2022-2387 | 2022-11-07 | Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF |
| CVE-2022-2711 | 2022-11-07 | WP All Import < 3.6.9 - Admin+ Directory traversal via file upload |
| CVE-2022-3418 | 2022-11-07 | WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE |
| CVE-2022-3451 | 2022-11-07 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-3462 | 2022-11-07 | Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting |
| CVE-2022-3463 | 2022-11-07 | FluentForm < 4.3.13 - CSV Injection |
| CVE-2022-3481 | 2022-11-07 | WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi |
| CVE-2022-3489 | 2022-11-07 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-3494 | 2022-11-07 | Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi |
| CVE-2022-3536 | 2022-11-07 | Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization |
| CVE-2022-3537 | 2022-11-07 | Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload |
| CVE-2022-3558 | 2022-11-07 | Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection |
| CVE-2022-37865 | 2022-11-07 | Apache Ivy allows creating/overwriting any file on the system |
| CVE-2022-37866 | 2022-11-07 | Apache Ivy allows path traversal in the presence of a malicious repository |
| CVE-2022-38163 | 2022-11-07 | A Drag and Drop spoof vulnerability was discovered in F-Secure... |
| CVE-2022-3872 | 2022-11-07 | An off-by-one read/write issue was found in the SDHCI device... |
| CVE-2022-3873 | 2022-11-07 | Cross-site Scripting (XSS) - DOM in jgraph/drawio |
| CVE-2022-3878 | 2022-11-07 | Maxon ERP browse_data sql injection |
| CVE-2022-42955 | 2022-11-07 | The PassWork extension 5.0.9 for Chrome and other browsers allows... |
| CVE-2022-42956 | 2022-11-07 | The PassWork extension 5.0.9 for Chrome and other browsers allows... |
| CVE-2022-42990 | 2022-11-07 | Food Ordering Management System v1.0 was discovered to contain a... |
| CVE-2022-43046 | 2022-11-07 | Food Ordering Management System v1.0 was discovered to contain a... |
| CVE-2022-43049 | 2022-11-07 | Canteen Management System Project v1.0 was discovered to contain a... |
| CVE-2022-43050 | 2022-11-07 | Online Tours & Travels Management System v1.0 was discovered to... |
| CVE-2022-43051 | 2022-11-07 | Online Diagnostic Lab Management System v1.0 was discovered to contain... |
| CVE-2022-43052 | 2022-11-07 | Online Diagnostic Lab Management System v1.0 was discovered to contain... |
| CVE-2022-43303 | 2022-11-07 | The d8s-strings for python, as distributed on PyPI, included a... |
| CVE-2022-43304 | 2022-11-07 | The d8s-timer for python, as distributed on PyPI, included a... |
| CVE-2022-43305 | 2022-11-07 | The d8s-python for python, as distributed on PyPI, included a... |
| CVE-2022-43306 | 2022-11-07 | The d8s-timer for python, as distributed on PyPI, included a... |
| CVE-2022-43319 | 2022-11-07 | An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple... |
| CVE-2022-43350 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43351 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain an arbitrary... |
| CVE-2022-43352 | 2022-11-07 | Sanitization Management System v1.0 was discovered to contain a SQL... |
| CVE-2022-43359 | 2022-11-07 | Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered to contain an out-of-bounds read... |
| CVE-2022-44048 | 2022-11-07 | The d8s-urls for python, as distributed on PyPI, included a... |
| CVE-2022-44049 | 2022-11-07 | The d8s-python for python, as distributed on PyPI, included a... |
| CVE-2022-44050 | 2022-11-07 | The d8s-networking for python, as distributed on PyPI, included a... |
| CVE-2022-44051 | 2022-11-07 | The d8s-stats for python, as distributed on PyPI, included a... |
| CVE-2022-44052 | 2022-11-07 | The d8s-dates for python, as distributed on PyPI, included a... |
| CVE-2022-44053 | 2022-11-07 | The d8s-networking for python, as distributed on PyPI, included a... |
| CVE-2022-44054 | 2022-11-07 | The d8s-xml for python, as distributed on PyPI, included a... |
| CVE-2022-44792 | 2022-11-07 | handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a... |
| CVE-2022-44793 | 2022-11-07 | handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a... |
| CVE-2022-44794 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build... |
| CVE-2022-44795 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build... |
| CVE-2022-44796 | 2022-11-07 | An issue was discovered in Object First Ootbi BETA build... |
| CVE-2022-44797 | 2022-11-07 | btcd before 0.23.2, as used in Lightning Labs lnd before... |
| CVE-2020-12507 | 2022-11-07 | s::can moni::tools autheticated SQL injection |
| CVE-2020-12508 | 2022-11-07 | s::can moni::tools prone to path traversal in image-relocator module |
| CVE-2020-12509 | 2022-11-07 | s::can moni::tools prone to path traversal in camera-file module |